Ask HN: Boring but important tech no one is working on | Hacker News
Tech
Purple Academy by Picus - Courses for Red, Blue, and Purple Teamers
Purple Academy by Picus provides free cybersecurity courses around Red, Blue and Purple Teaming topics. Successful students earn certificates and CPE credits.
SecZetta/secure-coding-standards: Checklist of security precautions for Ruby on Rails applications.
security-guide-for-developers/security-checklist.md at master · FallibleInc/security-guide-for-developers · GitHub
Security Guide for Developers (practical security notes for developers).
Privacy Tools List by CHEF-KOCH | CHEF-KOCH's Microblog ✨
The biggest Privacy Resource list you can find on the Internet.
How to increase Cyber Awareness within a large organisation : cybersecurity
Preventing the Next Major Security Breach (Cloud Next '18) - YouTube
Docker has revolutionized the way we package and deploy software to the cloud. However, when it comes to securing our applications, we have many of the same old challenges. How do we know the software we’re running is secure? When new vulnerabilities come up, how can we roll out fixes quickly, and without service interruptions? In this talk we’ll talk about Google’s approach to securing your build pipeline, detecting vulnerabilities in production, and, of course, methods to prevent vulnerabilities from ever getting there.
SEC208
Full name: Justin Beckwith; event: Google Cloud Next 2018.
Binary Authorization | Google Cloud
Deploy-time security control that uses signature validation to ensure only trusted container images are deployed to Google Kubernetes Engine.
How important is split-horizon DNS? - Information Security Stack Exchange
Split DNS returns different results depending on the source IP.
It's commonly promoted as a significant security measure for internal resources, for limiting enumeration and discovery.
I've had many
Latacora - The SOC2 Starting Seven
So, you plan to sell your startup’s product to big companies one day. Congratu-dolences! Really, that’s probably the only reason you should care about this article. If that’s not you, go forth and live your life! We’ll ask no more of your time. For the rest of you: Industry people talk about SOC2 a lot, and it’s taken on a quasi-mystical status, not least because it’s the product of the quasi-mystical accounting industry.
gcp - Cloudberry Engineering
Hardening your cluster's security | Kubernetes Engine Documentation | Google Cloud
Kubernetes Engine access and audit - Google Cloud Platform - Community - Medium
Adventures in Kubernetes
11 Ways (Not) to Get Hacked - Kubernetes
Author: Andrew Martin (ControlPlane) Kubernetes security has come a long way since the project's inception, but still contains some gotchas. Starting with the control plane, building up through workload and network security, and finishing with a projection into the future of security, here is a list of handy tips to help harden your clusters and increase their resilience if compromised. Part One: The Control Plane 1. TLS Everywhere 2. Enable RBAC with Least Privilege, Disable ABAC, and Monitor Logs 3.
Security Basics for your first Kubernetes Cluster
So you built a cluster. Maybe you have some apps deployed. You’re sold on this whole Kubernetes thing. Now what do you do?
9 Kubernetes Security Best Practices Everyone Must Follow - Cloud Native Computing Foundation
By Connor Gilbert, product manager at StackRox. Last month, the Kubernetes ecosystem was shaken by the discovery of the first major security flaw in Kubernetes, the world’s most popular container…
Viewing vulnerabilities and threats in Cloud Security Command Center | Cloud Security Command Center | Google Cloud
Protecting cluster metadata | Kubernetes Engine Documentation | Google Cloud
Using Firewall Rules Logging | VPC | Google Cloud
Kubernetes Network Policies - A Detailed Security Guide | StackRox
The container orchestrator war is over, and Kubernetes has won. With companies large and small rapidly adopting the platform, security has emerged as an important concern – partly because of the learning curve inherent in understanding any new infrastructure, and partly because of recently announced vulnerabilities.
Securing a Cluster - Kubernetes
This document covers topics related to protecting a cluster from accidental or malicious access and provides recommendations on overall security. Before you begin: You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:
Attacking default installs of Helm on Kubernetes
Default installations of Helm on Kubernetes can make it trivial for attackers to escalate to cluster admin. In this post I’ll demonstrate how.
HTTP Strict Transport Security - Wikipedia
GitHub - OWASP/CheatSheetSeries: The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Prevent users registering with passwords from data breaches
Has anyone automated security testing?
Hardening your cluster's security | Kubernetes Engine | Google Cloud
How To Protect SSH with Fail2Ban on Ubuntu 14.04 | DigitalOcean
Fail2ban is a daemon that can be run on your server to dynamically block clients that fail to authenticate correctly with your services repeatedly. This can…
Securely Connecting to VM Instances | Compute Engine Documentation | Go
security - How should I ethically approach user password storage for later
As I continue to build more and more websites and web applications I am often asked to store user's passwords in a way that they can be retrieved if/when the user has an issue (either to email a